data.json uses mode 666 on linux #8955

exincore opened this issue Apr 28, 2024 · 3 comments
Labels
bug desktop Desktop Application

Comments

@exincore

Steps To Reproduce

  1. Clear user data with rm -r ~/.config/Bitwarden
  2. Open Bitwarden AppImage and login
  3. Observe access mode with stat ~/.config/Bitwarden/data.json

Expected Result

~/.config/Bitwarden/data.json should have access mode 0600/-rw-------.

Actual Result

~/.config/Bitwarden/data.json has access mode 0666/-rw-rw-rw-. If the mode is manually changed to 600 with chmod 600 ~/.config/Bitwarden/data.json, the application will change it back to 666.

Screenshots or Videos

No response

Additional Context

I have also witnessed briefly a temporary file of the form data.json.tmp-xxxxxxxxxxxxxxxx with access mode 0644/-rw-r--r-- on application launch.

There are also some symbolic links SingletonCookie, SingletonLock, and SingletonSocket that have mode 0777/lrwxrwxrwx that exist as long as the application is open; one of these appears to store a sensitive variable, and symlinks cannot have access mode other than 777.

Operating System

Linux

Operating System Version

openSUSE Tumbleweed x86_64 20240423; kernel 6.8.7-1-default; KDE Plasma 6.0.4

Installation method

Direct Download (from bitwarden.com)

Build Version

2024.4.1

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@exincore exincore added bug desktop Desktop Application labels Apr 28, 2024
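
An added example, not part of the original report and not Bitwarden's code: a Python check for the conditions described above (regular files with group/other permission bits set, and symlinks, whose target string is reported because their own mode is always 0777), plus one way to write a file so that neither the temporary file nor the final file is ever wider than 0600. The function names and the sample directory contents are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_modes(directory):
    """Return sorted (path, kind, detail) for entries exposed beyond the owner."""
    findings = []
    for root, dirs, files in os.walk(directory):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: inspect the link itself, never its target
            if stat.S_ISLNK(st.st_mode):
                # A symlink's own mode is always 0777 on Linux and cannot be
                # changed, so report the target string it carries instead.
                findings.append((path, "symlink", os.readlink(path)))
            elif stat.S_ISREG(st.st_mode) and st.st_mode & 0o077:
                findings.append((path, "file", oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def write_private(path, data):
    """Replace path with data; temp file and final file are both 0600."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with O_EXCL and mode 0600, so there is no
    # window in which a data.json.tmp-* file is readable by other users.
    fd, tmp = tempfile.mkstemp(prefix=os.path.basename(path) + ".tmp-", dir=directory)
    try:
        os.fchmod(fd, 0o600)  # explicit, independent of the process umask
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic; the new file keeps the temp file's 0600
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed sample directory, standing in for ~/.config/Bitwarden.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "data.json")
        with open(target, "w") as fh:
            fh.write("{}")
        os.chmod(target, 0o666)
        os.symlink("constructed-host-1234", os.path.join(d, "SingletonLock"))
        print(audit_modes(d))
        write_private(target, b'{"constructed": true}')
        print(audit_modes(d))
```
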
@SergeantConfused

Hello @exincore,

Thank you for this report. Just to make sure that you and I are on the same page, how did you install that Bitwarden desktop client?

To be clear, we have captured this matter internally with regard to the .AppImage release, and we received a similar report about the Export function here.

Thank you in advance,

@exincore
Author

I downloaded the latest AppImage from https://bitwarden.com/download and moved it to ~/bin/Bitwarden-2024.4.1-x86_84.AppImage.

Launching the application by executing Bitwarden-2024.4.1-x86_84.AppImage in a shell will cause this issue.

Also, I have the daemon appimaged which automatically generates this desktop file ~/.local/share/applications/appimagekit_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-bitwarden.desktop; launching the application with this desktop file leads to the same result:

[Desktop Entry]
Name=Bitwarden
Exec=/home/exin/bin/Bitwarden-2024.4.1-x86_64.AppImage
Terminal=false
Type=Application
Icon=appimagekit_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_bitwarden
StartupWMClass=Bitwarden
X-AppImage-Version=2024.4.1
GenericName=Password Manager
Comment=A secure and free password manager for all of your devices.
MimeType=x-scheme-handler/bitwarden;
Categories=Utility;
TryExec=/home/exin/bin/Bitwarden-2024.4.1-x86_64.AppImage
X-AppImage-Comment=Generated by appimaged 10
X-AppImage-Identifier=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

@SergeantConfused

Hi @exincore,

Thank you. Yes, this matter has already been captured internally, and we're looking into it; I will leave this external GitHub report open for visibility for the time being.

Thank you again,
